Issue Description
The application sets secure cookies but doesn't regenerate session tokens after login, making it vulnerable to session fixation attacks.
Impact
If an attacker can predict or obtain a session token, they can hijack user sessions.
Current Behavior
- Session tokens are set during login but not regenerated
- Same session token persists throughout the user's session
Proposed Fix
Implement session token regeneration after successful authentication to prevent session fixation.
Priority
Medium (Security)
Labels
security, authentication, session-management
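
The proposed fix, sketched as an added example (not the application's own code): on successful authentication the server issues a fresh session ID and invalidates the one the client presented, so an ID fixed before login never becomes an authenticated session. `SessionStore`, `login` and `check_credentials` are hypothetical names, and the in-memory store and hard-coded credential are constructed stand-ins.

```python
import secrets


class SessionStore:
    """In-memory server-side session store (hypothetical, for illustration)."""

    def __init__(self):
        self._sessions = {}

    def create(self, data=None):
        sid = secrets.token_urlsafe(32)  # unpredictable, server-generated ID
        self._sessions[sid] = dict(data or {})
        return sid

    def get(self, sid):
        return self._sessions.get(sid)

    def regenerate(self, old_sid):
        """Move session data to a fresh ID and invalidate the old one."""
        data = self._sessions.pop(old_sid, {})  # old ID stops resolving here
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = data
        return new_sid


def check_credentials(username, password):
    # Constructed stand-in for the application's real credential check.
    ok = secrets.compare_digest(password.encode(), b"correct horse")
    return ok and username == "alice"


def login(store, presented_sid, username, password):
    """Return the session ID to set in the cookie, or None on failure."""
    if not check_credentials(username, password):
        return None
    # Rotate whether or not the presented ID was known to the server:
    # a client-supplied or pre-login ID is never adopted as-is.
    new_sid = store.regenerate(presented_sid)
    store.get(new_sid)["user"] = username
    return new_sid
```

The response to a successful login must overwrite the session cookie with the returned ID; the same rotation applies at any other privilege change.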